[UNIX] Peer Authentication Vulnerability In Ingate Products (SIP Over TLS - X.509)

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

The SecuriTeam alerts list - Free, Accurate, Independent.

Get your security news from a reliable source.

- - - - - - - - -

Peer Authentication Vulnerability In Ingate Products (SIP Over TLS -


It may be possible for an attacker to connect using SIP over TLS even if
an X.509 client certificate is required. It may also be possible for an
attacker to intercept connections to TLS-secured servers that the Ingate
product initiates.


Vulnerable Systems:
* All current versions of Ingate Firewall
* All current versions of Ingate SIParator

The vulnerability is only exploitable if an X.509 certificate uses an RSA
key with exponent 3. The Ingate product never creates such keys by
itself, but if an external CA is used, and if that CA uses exponent 3, the
configuration may be vulnerable. Most CAs uses exponent 65537, and
certificates issued by them are not vulnerable.

SIP installations are vulnerable if any of the certificates in the "TLS CA
Certificates" table on the "Signaling Encryption" tab uses exponent 3.

How to determine if an X.509 certificate uses exponent 3:
If you have the OpenSSL package installed, you can examine a certificate
with a command such as this (assuming that the X.509 certificate is stored
in PEM format in the file named "cert.cer").
openssl x509 -inform pem -in cert.cer -text

Among the lines printed, there will be a line such as:
Exponent: 65537 (0x10001)

If it says 3 instead of 65537 the certificate is vulnerable.

Switch to a CA that don't use exponent 3. If that is not possible, turn
off the SIP module.

Since Ingate believes that few of our customers use an external CA that
uses exponent 3, we plan to resolve this issue in the next regular
release. Contact to obtain a patch that fixes this problem if you are

The OpenSSL project has released an advisory titled "
<http://www.openssl.org/news/secadv_20060905.txt> RSA Signature Forgery
(CVE-2006-4339)". This advisory possibly affects some installations of
Ingate Firewall and Ingate SIParator.

CVE Information:


The information has been provided by <mailto:ceder@xxxxxxxxxx> Per


This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@xxxxxxxxxxxxxx
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@xxxxxxxxxxxxxx


The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.